How to see if the SNMP server can receive AV traps

Hi,

Within the Sophos console, in the Anti-virus and HIPS policy, an SNMP server has been listed in the SNMP Trap destination; however, how can I check if it's being configured correctly? We are receiving all other traps from that AV server except the Desktop AV alerts.

Thanks

  • Hi Wickedkittenz,

    I've checked the configuration settings for SNMP trap destinations and it has been set up as instructed in the help manual. The way my organisation has been set up is as follows:

    A virus alert is generated on a workstation

    This creates an alert in the Sophos console, which in turn sends a trap to the SNMP server

    The SNMP server relays this information to a message server, which captures the relevant data such as user name, file location, date/time stamp, virus name etc. and then logs an incident ticket to our ticketing system.

    The system administrators have advised me that they receive other traps from the SNMP server, just not the anti-virus ones. I can also confirm that the UDP ports are not blocked, as the message server is getting other traps from the SNMP server.

    So my question is, is there any way I can check to see if the AV traps have been blocked or not configured to be sent as traps to the message servers?

    Hope this makes more sense now.

    Thanks
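
One way to check which traps actually reach the trap destination, as an added example that is not part of the original thread and is not Sophos code: a minimal Python listener that prints the sender, SNMP version, community and, for SNMPv1 traps, the enterprise OID of every datagram arriving on the trap port. It assumes SNMPv1/v2c over UDP port 162 and that no other trap receiver is bound to that port on the host where it runs; the function names and the sample datagram are constructed for illustration.

```python
import socket

# Constructed SNMPv1 trap; enterprise 1.3.6.1.4.1.99999 is a made-up placeholder.
SAMPLE_V1_TRAP = bytes.fromhex(
    "3028 020100 0406 7075626c6963 a41b 06082b06010401868d1f"
    "4004c000020a 020106 020101 430100 3000")
PDU_NAMES = {0xA4: "v1-trap", 0xA6: "inform", 0xA7: "v2-trap"}

def read_tlv(buf, pos):  # -> (tag, value, next_pos) for the BER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(data):  # BER OID bytes -> dotted text (first arc 0 or 1 assumed)
    arcs, val = [data[0] // 40, data[0] % 40], 0
    for b in data[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def summarize_trap(datagram):  # header fields plus (SNMPv1 only) enterprise OID
    tag, msg, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, ver, pos = read_tlv(msg, 0)
    _, community, pos = read_tlv(msg, pos)
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    return {"version": {0: "v1", 1: "v2c"}.get(int.from_bytes(ver, "big"), "other"),
            "community": community.decode("latin-1"), "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag)),
            "enterprise": decode_oid(read_tlv(pdu, 0)[1]) if pdu_tag == 0xA4 else None}

def listen(host="0.0.0.0", port=162):  # binding port 162 needs admin rights
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    while True:  # one line per datagram: sender address plus parsed summary
        data, (src, _) = sock.recvfrom(65535)
        try:
            print(src, summarize_trap(data))
        except (ValueError, IndexError) as exc:
            print(src, "unparsed:", exc)

if __name__ == "__main__":
    listen()
```

If a test alert on a workstation produces no line from the console server's address, the trap is not leaving the console or not reaching this host; if a line appears, the loss is further along the relay to the message server.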
